Hey new poster! We require a minimum account-age and karma for this subreddit. Remember to search for your question first and try again after you have acquired more karma. I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns. More on reddit.com

What's approximate pricing for Falcon Identity Threat Protection?

More on reddit.com

Hi there. You have to buy a license for Identity Threat Protection, but the code-base is included in the Falcon Sensor (you don't need to install something else). ITP will inspect authentication traffic that is traversing your domain controllers to provide enforcement for step-up multi-factor authentication and collects additional data that can be used to detect identity specific threats. I hope that helps! More on reddit.com

Any on-premise accounts whose domains are not integrated with Azure AD will need to use a different MFA than the Azure AD MFA. We have this problem too; we're considering just using an RFC 6238 compliant TOTP (which includes the MS Authenticator app) and making sure the user is coming from an endpoint with CS Falcon installed. Falcon will pop-up a requeste for the TOTP and the user has to get it from the authenticator app on their phone. The lack of a prompt won't be a problem for Azure AD integrated domains, as that will use the Phone Authenticator (if you have that configured) I didn't know there was a difference between the two. Ours uses Azure AD MFA as defined in our "Authentication Methods" settings in Azure AD. This is set as number matching Phone Sign-In Yes, we use native Azure AD-joined devices and users login to the Windows desktop using their Azure AD identity. The login is performed using "Windows Hello for Business" which supports a wide variety of auth methods, nearly all of which provide - as part of the authentication - an "MFA Claim" within the Primary Refresh Token (PRT). What I don't know yet is whether the MFA claim generated is accepted when IDP requests an MFA event. CrowdStrike had to fudge a few things to "trigger" an MFA in Azure AD as I understand it. Prior to this they needed an NPS server which we were not keen on. We are cloud-first, so if a vendor says "you need to deploy a server" we push back pretty hard. The better question is whether FIDO2 keys are supported. FIDO2 keys require an on-the-desktop interaction, so my belief here - yet to be validated - is that it will use Phone Sign-In MFA, not FIDO2 support. More on reddit.com